Joomla breach leaks thousands of user accounts

An unsecured Joomla database containing unencrypted backups of Joomla Resources Directory (JRD) sites has been discovered on an Amazon Web Services (AWS) S3 bucket, waiting to be found and exploited.

According to a Bleeping Computer report, the database contained information on 2,700 individuals registered on the JRD - some publicly available, others private.

The exposed data includes full names, business addresses, email addresses, phone numbers, company URLs, and newsletter subscription preferences. It also features IP addresses and hashed passwords.

"Given the overall risk classification, legal advice received was that no formal notification was required, however as an Open Source Project and in the spirit of full transparency we have issued this statement and made all those who potentially might have been affected aware," reads an advisory published by Joomla.

The database allegedly belonged to a third-party company called InterGen Web Solutions, owned by Joomla team member and former team lead Brian Mitchell.

It is hard to know for certain whether the database was discovered and abused by malicious actors. However, Joomla announced it has discovered "Super User" accounts that do not belong to Open Source Matters, and has therefore asked users to change their login details immediately.